5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.004 Low
EPSS
Percentile
74.5%
The Microsoft Windows 2000 Telnet Service contains a denial-of-service vulnerability that allows remote attackers to disrupt the telnet service on affected servers.
The Microsoft Windows 2000 Telnet Service contains a resource starvation vulnerability that prevents the server from releasing handles when telnet sessions are terminated in a specific manner. If a sufficiently large number of session requests are established and then terminated in this manner, it is possible to consume all available handle resources, resulting in a denial-of-service attack against all services offered by the victim server.
This vulnerability allows a remote attacker to disrupt or crash affected Windows 2000 servers, resulting in a denial-of-service condition.
Apply a patch from your vendor
Microsoft has released a patch for this vulnerability; for further information, please consult the systems affected section below.
Disable telnet service
Sites that do not require the Windows 2000 Telnet Service may disable it to prevent exploitation of this vulnerability.
215259
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: September 14, 2001
Affected
Microsoft has addressed this vulnerability in the following Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/MS01-031.asp
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has archived Microsoftβs announcement of MS01-031 at
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This document was written by Jeffrey P. Lanza and is based on information provided by Microsoft.
CVE IDs: | CVE-2001-0346 |
---|---|
Severity Metric: | 11.81 Date Public: |